Cyber-security detection and response systems may be configured to aggregate and unify data from multiple devices, components, and platforms on a computer network. Security administrators often design and implement a standard operating procedure of device actions taken by security individuals in response to a security incident. Based on the nature of a particular threat, the cyber-security system may initiate an action plan that is tailored to the security operations center and its operating procedures to protect potentially impacted components and network resources. The goal of cyber-security systems is to provide rapid and reliable enterprise-wide threat responses, e.g., to mitigate threats, survive breaches, and maintain operations during attacks. To provide rapid responses, security administrators often program preconfigured response plans for implementation upon recognition of a cyber-security threat. The cyber-security system can thus provide system configuration instructions to defend against threats originating both external to and internal to the network. At present, such specific threat response plans and related system configuration instructions must be individually coded by the security administrator. The coding in the response plan must also be specific to the hardware on the network of the enterprise in order to activate, deactivate, or otherwise reconfigure the hardware and other network systems to respond to the particular security threat identified.
The information included in this Background section of the specification, including any references cited herein and any description or discussion thereof, is included for technical reference purposes only and is not to be regarded as subject matter by which the scope of the invention as defined in the claims is to be bound.